Title: [113274] trunk/Tools
Revision
113274
Author
[email protected]
Date
2012-04-04 18:57:19 -0700 (Wed, 04 Apr 2012)

Log Message

[Chromium, DRT] Bounds check indices on gamepadController
https://bugs.webkit.org/show_bug.cgi?id=83192

Invalid test data would cause bad array accesses. Add simple checks to
ignore such invalid data.

Patch by Scott Graham <[email protected]> on 2012-04-04
Reviewed by Kent Tamura.

* DumpRenderTree/chromium/GamepadController.cpp:
(GamepadController::connect):
(GamepadController::disconnect):
(GamepadController::setId):
(GamepadController::setButtonCount):
(GamepadController::setButtonData):
(GamepadController::setAxisCount):
(GamepadController::setAxisData):

Modified Paths

Diff

Modified: trunk/Tools/ChangeLog (113273 => 113274)


--- trunk/Tools/ChangeLog	2012-04-05 01:42:05 UTC (rev 113273)
+++ trunk/Tools/ChangeLog	2012-04-05 01:57:19 UTC (rev 113274)
@@ -1,3 +1,22 @@
+2012-04-04  Scott Graham  <[email protected]>
+
+        [Chromium, DRT] Bounds check indices on gamepadController
+        https://bugs.webkit.org/show_bug.cgi?id=83192
+
+        Invalid test data would cause bad array accesses. Add simple checks to
+        ignore such invalid data.
+
+        Reviewed by Kent Tamura.
+
+        * DumpRenderTree/chromium/GamepadController.cpp:
+        (GamepadController::connect):
+        (GamepadController::disconnect):
+        (GamepadController::setId):
+        (GamepadController::setButtonCount):
+        (GamepadController::setButtonData):
+        (GamepadController::setAxisCount):
+        (GamepadController::setAxisData):
+
 2012-04-04  Dirk Pranke  <[email protected]>
 
         nrwt is failing to upload test results on the chromium-mac-leopard bots

Modified: trunk/Tools/DumpRenderTree/chromium/GamepadController.cpp (113273 => 113274)


--- trunk/Tools/DumpRenderTree/chromium/GamepadController.cpp	2012-04-05 01:42:05 UTC (rev 113273)
+++ trunk/Tools/DumpRenderTree/chromium/GamepadController.cpp	2012-04-05 01:57:19 UTC (rev 113274)
@@ -68,6 +68,8 @@
         return;
     }
     int index = args[0].toInt32();
+    if (index < 0 || index >= static_cast<int>(WebKit::WebGamepads::itemsLengthCap))
+        return;
     internalData.items[index].connected = true;
     internalData.length = 0;
     for (unsigned i = 0; i < WebKit::WebGamepads::itemsLengthCap; ++i)
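Review bot: The two-line range check added here is pasted verbatim into all seven hunks of this file (connect, disconnect, setId, setButtonCount, setButtonData, setAxisCount and setAxisData, going by the ChangeLog order), so any later change to the bound or the cast has to be made seven times. A file-local helper, for example `static bool isValidGamepadIndex(int index) { return index >= 0 && index < static_cast<int>(WebKit::WebGamepads::itemsLengthCap); }`, would keep the checks in step and reduce each call site to `if (!isValidGamepadIndex(index)) return;`. A one-line comment on the helper saying that out-of-range test input is deliberately ignored rather than reported would also document the silent `return`. The function bodies start and end outside the hunks.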
@@ -84,6 +86,8 @@
         return;
     }
     int index = args[0].toInt32();
+    if (index < 0 || index >= static_cast<int>(WebKit::WebGamepads::itemsLengthCap))
+        return;
     internalData.items[index].connected = false;
     internalData.length = 0;
     for (unsigned i = 0; i < WebKit::WebGamepads::itemsLengthCap; ++i)
@@ -100,6 +104,8 @@
         return;
     }
     int index = args[0].toInt32();
+    if (index < 0 || index >= static_cast<int>(WebKit::WebGamepads::itemsLengthCap))
+        return;
     std::string src = ""
     const char* p = src.c_str();
     memset(internalData.items[index].id, 0, sizeof(internalData.items[index].id));
@@ -116,6 +122,8 @@
         return;
     }
     int index = args[0].toInt32();
+    if (index < 0 || index >= static_cast<int>(WebKit::WebGamepads::itemsLengthCap))
+        return;
     int buttons = args[1].toInt32();
     internalData.items[index].buttonsLength = buttons;
     webkit_support::SetGamepadData(internalData);
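Review bot: `buttons` is still stored into `buttonsLength` straight from `args[1].toInt32()` with no range check, so a negative or oversized count from test data is passed on through `webkit_support::SetGamepadData(internalData)`. Any consumer that iterates up to `buttonsLength` (not visible here) would then read past the fixed-size `buttons` array. A guard after the assignment from `args[1]`, such as `if (buttons < 0 || buttons > static_cast<int>(WebKit::WebGamepad::buttonsLengthCap)) return;`, closes that, assuming `buttonsLengthCap` is the declared size of the array. The same gap exists for `axes` / `axesLength` in the setAxisCount hunk (`@@ -143,6 +153,8 @@`), which needs the equivalent check against the axes cap. Both function bodies begin outside their hunks.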
@@ -129,6 +137,8 @@
         return;
     }
     int index = args[0].toInt32();
+    if (index < 0 || index >= static_cast<int>(WebKit::WebGamepads::itemsLengthCap))
+        return;
     int button = args[1].toInt32();
     double data = ""
     internalData.items[index].buttons[button] = data;
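Review bot: The second index `button` is used in `internalData.items[index].buttons[button] = data;` without any validation, so the out-of-bounds write this commit sets out to prevent is still reachable through `args[1]` even though `index` is now checked. Adding `if (button < 0 || button >= static_cast<int>(WebKit::WebGamepad::buttonsLengthCap)) return;` before the store would cover it, assuming that cap is the declared size of `buttons`. The setAxisData hunk (`@@ -156,6 +168,8 @@`) has the same problem with `axis` in `internalData.items[index].axes[axis] = data;` and needs the matching check against the axes cap. Both functions continue past the end of their hunks.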
@@ -143,6 +153,8 @@
         return;
     }
     int index = args[0].toInt32();
+    if (index < 0 || index >= static_cast<int>(WebKit::WebGamepads::itemsLengthCap))
+        return;
     int axes = args[1].toInt32();
     internalData.items[index].axesLength = axes;
     webkit_support::SetGamepadData(internalData);
@@ -156,6 +168,8 @@
         return;
     }
     int index = args[0].toInt32();
+    if (index < 0 || index >= static_cast<int>(WebKit::WebGamepads::itemsLengthCap))
+        return;
     int axis = args[1].toInt32();
     double data = ""
     internalData.items[index].axes[axis] = data;